Ubuntu
haproxy package

Merge ~paelzer/ubuntu/+source/haproxy:bug-1848902-hang-on-exit-143-BIONIC into ubuntu/+source/haproxy:ubuntu/bionic-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/haproxy
  3. bug-1848902-hang-on-exit-143-BIONIC
  4. Merge into ubuntu/bionic-devel
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: d0d17a603b126f2c2239d8903a5713b529cc4c81
Merged at revision: d0d17a603b126f2c2239d8903a5713b529cc4c81
Proposed branch: ~paelzer/ubuntu/+source/haproxy:bug-1848902-hang-on-exit-143-BIONIC
Merge into: ubuntu/+source/haproxy:ubuntu/bionic-devel
Diff against target: 91 lines (+69/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch (+61/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Bryce Harrington (community) Needs Fixing
Canonical Server Pending
Canonical Server packageset reviewers Pending
Review via email: mp+375433@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~paelzer/+archive/ubuntu/bug-1848902-haproxy-hang

Revision history for this message
Bryce Harrington (bryce) wrote :

- [√] changelog entry correct, targeted to correct codename
- [√] no major upstream changes to consider
- [√] debian changes look safe
- [√] update-maintainer has been run
- [-] changes forwarded upstream/debian (if appropriate)
- [-] nothing else to drop
- [√] patches match what was proposed upstream
- [√] patches correctly included in debian/patches/series?
- [√] patches have correct DEP3 metadata

== Testing ==

$ lxc launch ubuntu:18.04/amd64 bug-1848902-haproxy-hang
$ lxc exec bug-1848902-haproxy-hang -- bash

== Existing (broken) case ==
# apt-get install haproxy=1.8.8-1ubuntu0.7
# systemctl status haproxy | grep Active:
   Active: active (running) since Sat 2019-11-16 20:41:51 UTC; 1min 32s ago

# pkill -TERM -x haproxy
# systemctl status haproxy
   Active: active (running) since Sat 2019-11-16 20:43:52 UTC; 1s ago

# for x in {1..100}; do pkill -TERM -x haproxy ; sleep 0.1 ; done
# systemctl status haproxy | grep Active:
   Active: failed (Result: exit-code) since Sat 2019-11-16 20:44:53 UTC; 18s ago

== PPA Version ==
# add-apt-repository ppa:paelzer/bug-1848902-haproxy-hang
# apt install haproxy
# apt-cache policy haproxy | grep Installed:
  Installed: 1.8.8-1ubuntu0.8~ppa1
# systemctl status haproxy | grep Active:
   Active: active (running) since Sat 2019-11-16 20:46:52 UTC; 29s ago

# pkill -TERM -x haproxy
# systemctl status haproxy | grep Active:
   Active: active (running) since Sat 2019-11-16 20:49:10 UTC; 917ms ago

# for x in {1..100}; do pkill -TERM -x haproxy ; sleep 0.1 ; done
# systemctl status haproxy | grep Active:
   Active: failed (Result: start-limit-hit) since Sat 2019-11-16 20:50:18 UTC; 9s ago

---

I think the test case would be clearer if the end result was haproxy remained actively running, rather than fail just for a different reason, however it is failing for the documented reason (start limit hit) instead of the original problem (exit code), so technically seems to be correct and behaving as designed, so +1.

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

Figured out a way to hackaround the rate limiter in the test case for the SRU template:

for x in {1..100}; do pkill -TERM -x haproxy ; sleep 0.1 ; systemctl reset-failed haproxy.service; done

With that, the test case should result in success with the fixed case.

Otherwise, once you hit x==6 in the loop systemd just kills off the service and you don't exercise the test coverage for the remaining 95 steps of the counter. I couldn't find a way to configure this per-service (I experimented with StartLimitBurst=101 and StartLimitIntervalSec=<N> but no effect), and didn't spot a way to configure this in systemd globally), but the brute force reset-failed should be sufficient for the test case.

review: Needs Fixing
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for the modified test bryce, but with it also the old code remains an active service.
I extended the steps in the SRU template.
I admit the test isn't perfect at all, but that is the nature with races.

At least the fix is accepted upstream and in addition fact that active users already run the accepted RC in the field convinces me to go forward.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/haproxy
 * [new tag] upload/1.8.8-1ubuntu0.8 -> upload/1.8.8-1ubuntu0.8

$ dput ubuntu ../haproxy_1.8.8-1ubuntu0.8_source.changes
Checking signature on .changes
gpg: ../haproxy_1.8.8-1ubuntu0.8_source.changes: Error checking signature from BA3E29338280B242: SignatureVerifyError: 0
Checking signature on .dsc
gpg: ../haproxy_1.8.8-1ubuntu0.8.dsc: Error checking signature from BA3E29338280B242: SignatureVerifyError: 0
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading haproxy_1.8.8-1ubuntu0.8.dsc: done.
  Uploading haproxy_1.8.8-1ubuntu0.8.debian.tar.xz: done.
  Uploading haproxy_1.8.8-1ubuntu0.8_source.buildinfo: done.
  Uploading haproxy_1.8.8-1ubuntu0.8_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 8470612..a388302 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1haproxy (1.8.8-1ubuntu0.8) bionic; urgency=medium
2
3 * d/p/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch:
4 fix potential hang in haproxy (LP: #1848902)
5
6 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Nov 2019 13:16:22 +0100
7
1haproxy (1.8.8-1ubuntu0.7) bionic-security; urgency=medium8haproxy (1.8.8-1ubuntu0.7) bionic-security; urgency=medium
29
3 * SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"10 * SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
diff --git a/debian/patches/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch b/debian/patches/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch
4new file mode 10064411new file mode 100644
index 0000000..1d782f9
--- /dev/null
+++ b/debian/patches/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch
@@ -0,0 +1,61 @@
1From fdc6c62dbebf4b646b4f80c383e3b00f34b0440f Mon Sep 17 00:00:00 2001
2From: Vincent Bernat <vincent@bernat.im>
3Date: Fri, 22 Jun 2018 20:57:03 +0200
4Subject: [PATCH] MINOR: systemd: consider exit status 143 as successful
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9The master process will exit with the status of the last worker. When
10the worker is killed with SIGTERM, it is expected to get 143 as an
11exit status. Therefore, we consider this exit status as normal from a
12systemd point of view. If it happens when not stopping, the systemd
13unit is configured to always restart, so it has no adverse effect.
14
15This has mostly a cosmetic effect. Without the patch, stopping HAProxy
16leads to the following status:
17
18 ● haproxy.service - HAProxy Load Balancer
19 Loaded: loaded (/lib/systemd/system/haproxy.service; disabled; vendor preset: enabled)
20 Active: failed (Result: exit-code) since Fri 2018-06-22 20:35:42 CEST; 8min ago
21 Docs: man:haproxy(1)
22 file:/usr/share/doc/haproxy/configuration.txt.gz
23 Process: 32715 ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS (code=exited, status=143)
24 Process: 32714 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=0/SUCCESS)
25 Main PID: 32715 (code=exited, status=143)
26
27After the patch:
28
29 ● haproxy.service - HAProxy Load Balancer
30 Loaded: loaded (/lib/systemd/system/haproxy.service; disabled; vendor preset: enabled)
31 Active: inactive (dead)
32 Docs: man:haproxy(1)
33 file:/usr/share/doc/haproxy/configuration.txt.gz
34
35(cherry picked from commit 3b479bd5f5f50ce91cabed32bb26556313552d23)
36Signed-off-by: William Lallemand <wlallemand@haproxy.org>
37
38Origin: upstream, http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=fdc6c62dbebf4b646b4f80c383e3b00f34b0440f
39Bug-Ubuntu: https://bugs.launchpad.net/bugs/1848902
40Applied-Upstream: 1.8.13
41Last-Update: 2019-11-12
42
43---
44 contrib/systemd/haproxy.service.in | 1 +
45 1 file changed, 1 insertion(+)
46
47diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in
48index 7a8b6bead..74e66e302 100644
49--- a/contrib/systemd/haproxy.service.in
50+++ b/contrib/systemd/haproxy.service.in
51@@ -10,6 +10,7 @@ ExecReload=@SBINDIR@/haproxy -f $CONFIG -c -q
52 ExecReload=/bin/kill -USR2 $MAINPID
53 KillMode=mixed
54 Restart=always
55+SuccessExitStatus=143
56 Type=notify
57
58 # The following lines leverage SystemD's sandboxing options to provide
59--
602.24.0
61
diff --git a/debian/patches/series b/debian/patches/series
index 295e83d..ac811fe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,4 @@ stksess-align.patch
14lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch14lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch
15lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch15lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch
16CVE-2019-18277.patch16CVE-2019-18277.patch
17lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch

Subscribers

People subscribed via source and target branches